CN104915607B - A cryptographic data processing and exchange method based on a mobile terminal

Publication number: CN104915607B
Authority: CN (China)
Application number: CN201510214649.8A
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN104915607A
Inventor: 龙毅宏
Current Assignee: ITRUSCHINA CO.,LTD.
Original Assignee: Wuhan University of Technology WUT
Application filed by: Wuhan University of Technology WUT
Prior art keywords: data, applications client, processing, cipher processing, program

Classifications

    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present invention relates to a cryptographic data processing and exchange method based on a mobile terminal. The method is as follows: if an application client needs cryptographic processing of data while interacting with an application system, the application client, or an API it calls, displays the data to be cryptographically processed in the form of a barcode; the user scans the displayed barcode with a mobile terminal; the cryptographic processing program running on the user's mobile terminal obtains the data to be processed from the barcode, performs the cryptographic processing using the user key stored in the mobile terminal, and, depending on whether the processed data is sensitive, submits it to a cryptographic intermediary system as an encrypted or unencrypted deposited data packet; the application client, the API it calls, or the application system retrieves the deposited data packet from the cryptographic intermediary system and thereby obtains the cryptographically processed data. The method allows a mobile terminal to serve as a cryptographic device for the cryptographic processing of data.

Description

A cryptographic data processing and exchange method based on a mobile terminal
Technical field
The invention belongs to the field of information security technology, and in particular concerns a cryptographic data processing and exchange method based on a mobile terminal.
Background
A problem frequently encountered in applications that use cryptographic techniques is which scheme to use for storing and using the user key. At present, the storage and use of user keys generally follows one of two schemes.
The first, which is the simplest and also the most common, stores the user key on the user's computer and uses a software cryptographic module to perform cryptographic processing (including encryption, decryption, signing, and signature verification) on data with the user key. The problems with this scheme are: it is not suitable for use on public computers; and if a user uses his or her key on different computers, the key has to be copied between and stored on those computers, which is very inconvenient for the user.
The other scheme uses a dedicated cryptographic hardware device (such as a USB Key) to store the user key and performs the cryptographic processing of data with the user key inside the device. The greatest advantage of this scheme is security, and the user can perform cryptographic processing with his or her own key on different computers. The problems with this scheme are: a cryptographic hardware device such as a USB Key incurs extra cost; and in Internet cafes the USB ports of many computers are sealed off, so the cryptographic hardware device cannot be used.
At present, almost every user owns a mobile terminal (mobile computing device) such as a mobile phone or tablet computer, and these phones and tablets can be used as devices for key storage and cryptographic processing of data. Although this scheme of storing and using keys on a mobile terminal is not as secure as one using a dedicated cryptographic hardware device, its security is sufficient for ordinary applications (for example, applications that do not involve money, or that involve only small amounts of money). If a mobile terminal is used as the device for storing and using the user key, two problems need to be solved: when the user interacts with an application system through an application client on a computer, how is the data that needs cryptographic processing sent to the mobile terminal? And how does the application system obtain the data after the mobile terminal has cryptographically processed it?
Summary of the invention
The purpose of the present invention is to address the problems of using a dedicated cryptographic hardware device by proposing a cryptographic data processing and exchange scheme in which a mobile terminal serves as the user key storage and cryptographic processing device.
To achieve this purpose, the technical solution proposed by the present invention is:
A cryptographic data processing and exchange method based on a mobile terminal, the method being as follows:
A cryptographic processing program is installed on the user's mobile terminal, and the user's key is stored in the mobile terminal. The mobile terminal is a portable mobile computing device (such as a mobile communication terminal or tablet computer). The user's mobile terminal has a camera and a barcode scanning program (a dynamic library, a class library, or an independently running program) for scanning barcodes and reading barcode data. The user key includes a symmetric key and/or an asymmetric key. The cryptographic processing program is a program (i.e. an app) running on the user's mobile terminal that performs cryptographic processing on data. The cryptographic processing includes encryption, decryption, digital signature, and signature verification; digital signature and signature verification include symmetric-key digital signature and signature verification as well as asymmetric-key digital signature and signature verification. The cryptographic processing program calls the barcode scanning program on the mobile terminal to obtain data displayed in barcode form.
The user accesses the application system using an application client running on a computer.
If the application client needs cryptographic processing of data while interacting with the application system, the application client, or an API called by the application client, passes the data to be cryptographically processed, together with data that identifies the cryptographically processed data, to the cryptographic processing program running on the user's mobile terminal by means of a barcode. The cryptographic processing program performs cryptographic processing on the data using the user key stored in the mobile terminal. After completing the cryptographic processing, the cryptographic processing program submits the processed data to the cryptographic intermediary system for storage in the form of a deposited data packet, and the data identifying the processed data is converted into the identification data of the deposited data packet. The application client, the API called by the application client, or the application system retrieves the deposited data packet submitted by the cryptographic processing program from the cryptographic intermediary system according to the packet's identification data, and thereby obtains the cryptographically processed data. If the cryptographically processed data is sensitive, the deposited data packet submitted to the cryptographic intermediary system is encrypted by the cryptographic processing program; in that case, when the application client or the API it calls passes the data to be processed to the cryptographic processing program by barcode, it also passes, by barcode, the secret data used to encrypt the cryptographically processed data; and after the application client, the API it calls, or the application system obtains the deposited data packet submitted by the cryptographic processing program, it decrypts the encrypted packet using that secret data.
The API called by the application client is an API (application programming interface) program (such as a dynamic library, component, or class library) that the application client calls to process data, including a cryptographic processing API. The cryptographic intermediary system is a system that acts as a data transfer bridge; it is either an independently running system or a component of the application system. The cryptographic intermediary system keeps each received deposited data packet in memory or in a database for a predetermined retention period (such as 30 seconds); once the retention period has been exceeded, it deletes the stored packet from memory or the database. Alternatively, once a stored deposited data packet has been retrieved more than a predetermined number of times, the cryptographic intermediary system deletes it from memory or the database.
As can be seen from the above description, with the method of the present invention the user can use a mobile terminal as a portable key storage and cryptographic processing device, and the cryptographically processed data is passed to the application client or application system through the cryptographic intermediary system. The user needs no dedicated cryptographic hardware device, which is convenient for the user, incurs no extra cost, and works in environments without a USB port.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of embodiment one or embodiment two of the present invention.
Fig. 2 is a schematic flow diagram of embodiment three or embodiment four of the present invention.
Specific embodiments
The invention is further described below with reference to the drawings and embodiments.
Depending on whether the cryptographically processed data is sensitive and must be kept confidential or is not sensitive and need not be kept confidential, and on whether the entity that directly obtains the cryptographically processed data is the application system or the application client, the present invention has the following four specific embodiments.
Embodiment one:
If the cryptographically processed data is sensitive and must be kept confidential, and the entity that directly obtains the cryptographically processed data is the application system, the method is implemented as follows:
If the application client needs cryptographic processing of data while interacting with the application system, the user, the application client or the API called by the application client, the cryptographic processing program, and the cryptographic intermediary system handle the data to be cryptographically processed as follows:
Step 1: The application client or the API called by the application client displays the data to be cryptographically processed and a data exchange key in the form of a barcode. The data exchange key is both the secret data used to encrypt the cryptographically processed data and the data that identifies the cryptographically processed data.
Step 2: The user scans the barcode displayed on the user's computer with the mobile terminal on which the cryptographic processing program is running.
Step 3: The cryptographic processing program obtains the data to be cryptographically processed and the data exchange key from the scanned barcode.
Step 4: The cryptographic processing program performs cryptographic processing on the data using the user key stored in the mobile terminal, producing the cryptographically processed data.
Step 5: The cryptographic processing program encrypts the cryptographically processed data, using the data exchange key obtained from the barcode or a key derived from it, to form a deposited data packet. It then applies a one-way irreversible function to the data exchange key obtained from the barcode, uses the result as the identification code of the deposited data packet, and submits the packet with its identification code to the cryptographic intermediary system.
Step 6: The cryptographic intermediary system stores the received deposited data packet in memory or in a database.
Step 7: The application client or the API called by the application client applies the same one-way irreversible function to the data exchange key, uses the result as the identification code of the deposited data packet, and retrieves from the cryptographic intermediary system the deposited data packet with the corresponding (i.e. the same) identification code. The application client or the API it calls then decrypts the retrieved packet using the data exchange key or the key derived from it, obtaining the cryptographically processed data.
If the application client needs to submit the cryptographically processed data to the application system, step 8 is performed; otherwise, the cryptographic processing ends.
Step 8: The application client submits the obtained cryptographically processed data to the application system.
Embodiment two:
If the cryptographically processed data is not sensitive and need not be kept confidential, and the entity that directly obtains the cryptographically processed data is the application system, the method is implemented as follows:
If the application client needs cryptographic processing of data while interacting with the application system, the user, the application client or the API called by the application client, the cryptographic processing program, and the cryptographic intermediary system handle the data to be cryptographically processed as follows:
Step 1: The application client or the API called by the application client displays the data to be cryptographically processed and a data identification code in the form of a barcode. The data identification code is the data that identifies the cryptographically processed data.
Step 2: The user scans the barcode displayed on the user's computer with the mobile terminal on which the cryptographic processing program is running.
Step 3: The cryptographic processing program obtains the data to be cryptographically processed and the data identification code from the scanned barcode.
Step 4: The cryptographic processing program performs cryptographic processing on the data using the user key stored in the mobile terminal, and forms the cryptographically processed data into a deposited data packet.
Step 5: The cryptographic processing program uses the data identification code obtained from the barcode, or data derived from the data identification code, as the identification code of the deposited data packet, and submits the packet with its identification code to the cryptographic intermediary system.
Step 6: The cryptographic intermediary system stores the received deposited data packet in memory or in a database.
Step 7: The application client or the API called by the application client uses the data identification code, or data derived from the data identification code (by the same method), as the identification code of the deposited data packet and retrieves from the cryptographic intermediary system the deposited data packet with the corresponding (i.e. the same) identification code, thereby obtaining the cryptographically processed data.
If the application client needs to submit the cryptographically processed data to the application system, step 8 is performed; otherwise, the cryptographic processing ends.
Step 8: The application client submits the obtained cryptographically processed data to the application system.
Embodiment three:
If the cryptographically processed data is sensitive and must be kept confidential, and the entity that directly obtains the cryptographically processed data is the application client, the method is implemented as follows:
If the application client needs cryptographic processing of data while interacting with the application system, the user, the application client or the API called by the application client, the cryptographic processing program, and the cryptographic intermediary system handle the data to be cryptographically processed as follows:
Step 1: The application client or the API called by the application client displays the data to be cryptographically processed and a data exchange key in the form of a barcode. The data exchange key is both the secret data used to encrypt the cryptographically processed data and the data that identifies the cryptographically processed data.
Step 2: The user scans the barcode displayed on the user's computer with the mobile terminal on which the cryptographic processing program is running.
Step 3: The cryptographic processing program obtains the data to be cryptographically processed and the data exchange key from the scanned barcode.
Step 4: The cryptographic processing program performs cryptographic processing on the data using the user key stored in the mobile terminal, producing the cryptographically processed data.
Step 5: The cryptographic processing program encrypts the cryptographically processed data, using the data exchange key obtained from the barcode or a key derived from it, to form a deposited data packet. It then applies a one-way irreversible function to the data exchange key obtained from the barcode, uses the result as the identification code of the deposited data packet, and submits the packet with its identification code to the cryptographic intermediary system.
Step 6: The cryptographic intermediary system stores the received deposited data packet in memory or in a database.
Step 7: The application system applies the same one-way irreversible function to the data exchange key, uses the result as the identification code of the deposited data packet, and retrieves from the cryptographic intermediary system the deposited data packet with the corresponding (i.e. the same) identification code.
If the application system needs to use the cryptographically processed data, step 8 is performed; otherwise, execution proceeds to step 9.
Step 8: The application system decrypts the deposited data packet using the data exchange key or a key derived from it, obtaining the cryptographically processed data.
If the application client or the API called by the application client needs to use the cryptographically processed data, step 9 is performed; otherwise, the cryptographic processing ends.
Step 9: The application client or the API called by the application client obtains the deposited data packet from the application system; the application client decrypts the obtained packet using the data exchange key or a key derived from it, obtaining the cryptographically processed data.
Embodiment four:
If the cryptographically processed data is not sensitive and need not be kept confidential, and the entity that directly obtains the cryptographically processed data is the application client, the method is implemented as follows:
If the application client needs cryptographic processing of data while interacting with the application system, the user, the application client or the API called by the application client, the cryptographic processing program, and the cryptographic intermediary system handle the data to be cryptographically processed as follows:
Step 1: The application client or the API called by the application client displays the data to be cryptographically processed and a data identification code in the form of a barcode. The data identification code is the data that identifies the cryptographically processed data.
Step 2: The user scans the barcode displayed on the user's computer with the mobile terminal on which the cryptographic processing program is running.
Step 3: The cryptographic processing program obtains the data to be cryptographically processed and the data identification code from the scanned barcode.
Step 4: The user, through the cryptographic processing program, performs cryptographic processing on the data using the user key stored in the mobile terminal, and the cryptographically processed data is formed into a deposited data packet.
Step 5: The cryptographic processing program uses the data identification code obtained from the barcode, or data derived from the data identification code, as the identification code of the deposited data packet, and submits the packet with its identification code to the cryptographic intermediary system.
Step 6: The cryptographic intermediary system stores the received deposited data packet in memory or in a database.
Step 7: The application system uses the data identification code, or data derived from the data identification code (by the same method), as the identification code of the deposited data packet, retrieves from the cryptographic intermediary system the deposited data packet with the corresponding (i.e. identical) identification code, and obtains the cryptographically processed data.
If the application client or the API called by the application client needs to use the cryptographically processed data, step 8 is performed; otherwise, the cryptographic processing ends.
Step 8: The application client or the API called by the application client obtains the cryptographically processed data from the application system.
The data exchange key in embodiment one and embodiment three can be generated as follows:
A randomly generated string is combined with a user identifier (such as an account name) or with the network MAC address of the computer on which the application client runs, and the resulting data is used as the data exchange key; or a randomly generated string is combined with the user identifier or with the network MAC address of the computer on which the application client runs, a one-way irreversible function is applied to the result, and the output is used as the data exchange key; or the session identifier of the session connection between the application client and the application system is used as the data exchange key.
The data exchange key in embodiment three is generated either by the application client or the API called by the application client (i.e. on the client side) or by the application system (i.e. on the server side). If the data exchange key is generated by the application client or the API it calls, then before the application system retrieves the deposited data packet from the cryptographic intermediary system, the application client submits the data exchange key to the application system (upon user action or automatically). If the data exchange key is generated by the application system, then the application system returns the data exchange key to the application client before the application client or the API it calls displays the data exchange key in barcode form.
The data identification code in embodiment two or embodiment four can be generated as follows:
A randomly generated string is combined with a user identifier (such as an account name) or with the network MAC address of the computer on which the application client runs, and the resulting data is used as the data identification code; or a randomly generated string is combined with the user identifier or with the network MAC address of the computer on which the application client runs, a one-way irreversible function is applied to the result, and the output is used as the data identification code; or the session identifier of the session connection between the application client and the application system is used as the data identification code.
The data identification code in embodiment four can be generated either by the application client or the API called by the application client (i.e. on the client side) or by the application system (i.e. on the server side). If the data identification code is generated by the application client or the API it calls, then before the application system retrieves the deposited data packet from the cryptographic intermediary system, the application client submits the data identification code to the application system (upon user action or automatically). If the data identification code is generated by the application system, then the application system returns the data identification code to the application client before the application client or the API it calls displays the data identification code in barcode form.
In embodiment three or embodiment four, if the application system is a Web application system and the API called by the application client (i.e. the browser) needs to obtain the cryptographically processed data from the application system, then when the application client calls the API it passes the session identifier of the session connection between the application client and the application system to the called API. When the API called by the application client obtains the deposited data packet or the cryptographically processed data from the application system, it submits that session identifier to the application system in the same way the application client submits session identifiers.
For the barcode, a QR code (two-dimensional code) can be used. Generating QR codes is now a mature technology. The QR code image can be generated on the server side by the application system or on the client side by the application client; if the application client calls a local API to perform cryptographic processing on data, the image can also be generated on the client side by that local API. Wherever it is generated, many tools are available, including free ones (obtainable from the Internet).
For the one-way irreversible function, a hash function can be used.
To derive from the data exchange key the key used to encrypt the cryptographically processed data, a one-way irreversible function such as a hash function can be applied to the data exchange key, and the key is obtained from the resulting data. Similarly, to derive the identification code of the deposited data packet from the data identification code, a one-way irreversible function such as a hash function can be applied to the data identification code, and the resulting data is used as the identification code of the deposited data packet.
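The flow of embodiment one, with the hash-based derivations and the intermediary's retention rule described above, as an added Python example (not code from the patent). The packet identifier and the encryption key are derived under different labels because the intermediary sees the identifier: if both were the same hash of the data exchange key, the intermediary would hold the decryption key. The function names, the labels, the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for an authenticated cipher such as AES-GCM) and deleting a packet once its fetch count reaches the limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time


def derive(exchange_key: bytes, label: bytes) -> bytes:
    """One-way derivation with domain separation (labels are assumptions)."""
    return hmac.new(exchange_key, label, hashlib.sha256).digest()


def packet_id(exchange_key: bytes) -> str:
    """Identification code the intermediary indexes on; not usable as a key."""
    return derive(exchange_key, b"packet-id").hex()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(exchange_key: bytes, processed: bytes) -> bytes:
    """Encrypt-then-MAC; stdlib stand-in for an AEAD such as AES-GCM."""
    enc_key = derive(exchange_key, b"packet-enc")
    mac_key = derive(exchange_key, b"packet-mac")
    nonce = secrets.token_bytes(16)
    stream = keystream(enc_key, nonce, len(processed))
    body = nonce + bytes(a ^ b for a, b in zip(processed, stream))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def unseal(exchange_key: bytes, packet: bytes) -> bytes:
    if len(packet) < 48:
        raise ValueError("packet too short")
    enc_key = derive(exchange_key, b"packet-enc")
    mac_key = derive(exchange_key, b"packet-mac")
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("packet failed authentication")
    nonce, ciphertext = body[:16], body[16:]
    stream = keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


class Intermediary:
    """In-memory relay: a packet is dropped after ttl seconds or max_fetches reads."""

    def __init__(self, ttl=30.0, max_fetches=1, clock=time.monotonic):
        self.ttl, self.max_fetches, self.clock = ttl, max_fetches, clock
        self._store = {}  # identification code -> [packet, expiry, fetch count]

    def deposit(self, pid: str, packet: bytes) -> None:
        self._store[pid] = [packet, self.clock() + self.ttl, 0]

    def fetch(self, pid: str):
        entry = self._store.get(pid)
        if entry is None:
            return None
        if self.clock() >= entry[1]:        # retention period exceeded
            del self._store[pid]
            return None
        entry[2] += 1
        if entry[2] >= self.max_fetches:    # fetch limit reached
            del self._store[pid]
        return entry[0]


def run_exchange():
    """Steps 1-7 of embodiment one with constructed sample values."""
    exchange_key = secrets.token_bytes(32)            # shown in the barcode
    to_process = b"constructed sample: order 1001"    # shown in the barcode
    user_key = b"constructed user key on the phone"
    # Step 4: symmetric-key signature (a MAC) computed on the mobile terminal.
    processed = hmac.new(user_key, to_process, hashlib.sha256).digest()
    # Steps 5-6: encrypt, derive the identification code, deposit.
    relay = Intermediary(ttl=30.0, max_fetches=1)
    relay.deposit(packet_id(exchange_key), seal(exchange_key, processed))
    # Step 7: the client recomputes the identification code and decrypts.
    recovered = unseal(exchange_key, relay.fetch(packet_id(exchange_key)))
    second_fetch = relay.fetch(packet_id(exchange_key))
    return processed, recovered, second_fetch
```
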
The cryptographic processing program can be developed with whatever development technology suits the user's mobile terminal; for example, J2ME can be used for Android mobile terminals and Objective-C for iOS terminals. Current mobile terminals (including mobile phones and tablet computers) have cameras. Many barcode scanning apps, dynamic libraries, and class libraries are available for mobile terminals; the cryptographic processing program can use these barcode scanning apps directly, or use any of the barcode scanning and recognition dynamic libraries or class libraries (or even one developed in-house).
The cryptographic processing program generally uses a cryptographic module to work with the user key stored in the mobile terminal and to perform the cryptographic processing of data. A cryptographic module therefore needs to be implemented on the mobile terminal; it is responsible for key management, including key generation, storage, and deletion, and for the cryptographic processing of data, including encryption, decryption, digital signature, and signature verification.
The cryptographic intermediary system can be developed with any information system development technology, such as C/C++, J2EE, or ASP.NET, and any database technology, such as MySQL, SQL Server, or Oracle. For storing deposited data packets, memory storage can be combined with database storage: packets are stored in memory by preference, and if the deposited data packets and data held in memory exceed a certain quantity, packets are stored in the database. Deposited data packets are indexed by identification code.
The interaction protocols between the cryptographic processing program, the application client, the application system, and the cryptographic intermediary system can be self-defined.
Other specific technical implementations not described here are well known to those skilled in the relevant art and are self-evident.

Claims (10)

1. a kind of code data processing and exchange method based on mobile terminal, it is characterized in that:
A program is installed in the user's mobile terminal, and the user's key is stored in the mobile terminal; the mobile terminal is a portable mobile computing device; the user's mobile terminal has a camera and a bar code scanning program for scanning bar codes and reading bar code data; the user key includes a symmetric key and/or an asymmetric key; the program is a program running in the user's mobile terminal that performs cipher processing on data; the cipher processing includes encryption, decryption, digital signature and signature verification; the digital signature and signature verification include symmetric-key digital signature and signature verification, and asymmetric-key digital signature and signature verification; the program calls the bar code scanning program in the mobile terminal to obtain data displayed in bar code form;
The user accesses the application system using an application client running on a computer;
If the application client needs to perform cipher processing on data while interacting with the application system, the application client or the API called by the application client passes, by bar code, the data to be cipher-processed and the data that identifies the cipher-processed data to the program running in the user's mobile terminal; the program uses the user key stored in the mobile terminal to perform cipher processing on the data to be cipher-processed; after the program completes the cipher processing of the data, it submits the cipher-processed data, in the form of a registered data packet, to the password intermediary system for storage, and the data that identifies the cipher-processed data is converted into the identification data of the registered data packet; the application client, the API called by the application client, or the application system obtains the registered data packet submitted by the program from the password intermediary system according to the identification data of the registered data packet, and thereby obtains the cipher-processed data; if the cipher-processed data is sensitive data, the registered data packet submitted to the password intermediary system is encrypted by the program, and the application client or the API called by the application client, while passing the data to be cipher-processed to the program by bar code, also passes to the program by bar code the secret data used to encrypt the cipher-processed data; and after the application client, the API called by the application client, or the application system obtains the registered data packet submitted by the program, it decrypts the encrypted registered data packet with the secret data used to encrypt the cipher-processed data;
The API called by the application client is an API program that the application client calls to process data, including a cipher processing API; the password intermediary system is a system that serves as a data transfer bridge; the password intermediary system is an independently running system or a component of the application system; the password intermediary system keeps each received registered data packet in memory or in a database for a predetermined time limit, and after the predetermined retention time has passed, the password intermediary system deletes the stored registered data packet from memory or from the database; or, after a stored registered data packet has been retrieved more than a predetermined number of times, the password intermediary system deletes the stored registered data packet from memory or from the database.
2. The code data processing and exchange method based on a mobile terminal according to claim 1, characterized in that:
If the application client needs to perform cipher processing on data while interacting with the application system, then the user, the application client or the API called by the application client, the program and the password intermediary system process the data to be cipher-processed as follows:
First step: the application client or the API called by the application client displays the data to be cipher-processed and a data exchange key in the form of a bar code; the data exchange key is both the secret data used to encrypt the cipher-processed data and the data that identifies the cipher-processed data;
Second step: the user uses the mobile terminal running the program to scan the bar code displayed on the user's computer;
Third step: the program obtains the data to be cipher-processed and the data exchange key from the scanned bar code;
Fourth step: the program uses the user key stored in the mobile terminal to perform cipher processing on the data to be cipher-processed, producing the cipher-processed data;
Fifth step: the program encrypts the cipher-processed data with the data exchange key obtained from the bar code, or with a key derived from the data exchange key, to form a registered data packet; the program processes the data exchange key obtained from the bar code with a one-way irreversible function, uses the resulting data as the identification code of the registered data packet, and submits the registered data packet with its identification code to the password intermediary system;
Sixth step: the password intermediary system stores the received registered data packet in memory or in a database;
Seventh step: the application client or the API called by the application client processes the data exchange key with the same one-way irreversible function and, using the resulting data as the identification code of the registered data packet, obtains the registered data packet with the corresponding identification code from the password intermediary system; the application client or the API called by the application client decrypts the obtained registered data packet with the data exchange key, or with a key derived from the data exchange key, and obtains the cipher-processed data;
If the application client needs to submit the cipher-processed data to the application system, the eighth step is performed; otherwise, the cipher processing ends;
Eighth step: the application client submits the obtained cipher-processed data to the application system.
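The following Node.js example is added here and is not part of the patent. It runs the claim 2 exchange end to end with the claim 1 retention rule on the intermediary; SHA-256 as the one-way function, AES-256-GCM for the packet, HMAC-SHA256 as the symmetric-key signature, the JSON bar code payload and all function names are assumptions.

```javascript
// Added illustration of the claim 2 flow. All names are assumptions, not the patent's.
const nodeCrypto = require('crypto');

// One-way irreversible function over the data exchange key -> packet identification code.
const packetId = (dek) => nodeCrypto.createHash('sha256').update(dek).digest('hex');
// Key derived from the data exchange key; the label keeps it unrelated to the id.
const packetKey = (dek) => nodeCrypto.createHmac('sha256', dek).update('enc').digest();

// Fifth step: encrypt the cipher-processed data (AES-256-GCM, id bound as AAD).
function seal(dek, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', packetKey(dek), iv);
  c.setAAD(Buffer.from(packetId(dek)));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
// Seventh step: decrypt; throws if the packet was altered while stored.
function open(dek, { iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', packetKey(dek), iv);
  d.setAAD(Buffer.from(packetId(dek)));
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]);
}

// Password intermediary: holds opaque packets; deletes on expiry or at the fetch limit.
class Intermediary {
  constructor(ttlMs, maxFetches) { Object.assign(this, { ttlMs, maxFetches, store: new Map() }); }
  submit(id, packet, now) { this.store.set(id, { packet, expires: now + this.ttlMs, fetches: 0 }); }
  fetch(id, now) {
    const e = this.store.get(id);
    if (!e) return null;
    if (now > e.expires) { this.store.delete(id); return null; }
    if (++e.fetches >= this.maxFetches) this.store.delete(id);
    return e.packet;
  }
}

// First step: the client builds the bar code payload (data + data exchange key).
function clientStart(data) {
  const dek = nodeCrypto.randomBytes(32); // assumption: purely random key
  return { dek, barcode: JSON.stringify({ data, dek: dek.toString('base64') }) };
}

// Third to fifth steps on the phone; HMAC stands in for a symmetric-key signature.
function mobileProcess(barcode, userKey, relay, now) {
  const { data, dek } = JSON.parse(barcode);
  const dekBuf = Buffer.from(dek, 'base64');
  const sig = nodeCrypto.createHmac('sha256', userKey).update(data).digest();
  relay.submit(packetId(dekBuf), seal(dekBuf, sig), now);
}

// Seventh step: the client recomputes the id, fetches and decrypts.
function clientCollect(dek, relay, now) {
  const packet = relay.fetch(packetId(dek), now);
  return packet ? open(dek, packet) : null;
}

function demo() {
  const userKey = nodeCrypto.randomBytes(32); // constructed key held on the phone
  const relay = new Intermediary(60000, 1);   // 60 s retention, one fetch allowed
  const a = clientStart('transfer:42:EUR');   // constructed sample data
  mobileProcess(a.barcode, userKey, relay, 0);
  const sig = clientCollect(a.dek, relay, 1000);
  // The demo recomputes the signature with the phone's key only to check the round trip.
  const want = nodeCrypto.createHmac('sha256', userKey).update('transfer:42:EUR').digest();
  const b = clientStart('login-challenge');   // second exchange, collected too late
  mobileProcess(b.barcode, userKey, relay, 0);
  return { verified: nodeCrypto.timingSafeEqual(sig, want),
           refetch: clientCollect(a.dek, relay, 2000),
           expired: clientCollect(b.dek, relay, 60001) };
}
```

The intermediary in this example only ever holds the hash of the data exchange key and the ciphertext, so it cannot decrypt what it stores.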
3. The code data processing and exchange method based on a mobile terminal according to claim 1, characterized in that:
If the application client needs to perform cipher processing on data while interacting with the application system, then the user, the application client or the API called by the application client, the program and the password intermediary system process the data to be cipher-processed as follows:
First step: the application client or the API called by the application client displays the data to be cipher-processed and a data identification code in the form of a bar code; the data identification code is the data that identifies the cipher-processed data;
Second step: the user uses the mobile terminal running the program to scan the bar code displayed on the user's computer;
Third step: the program obtains the data to be cipher-processed and the data identification code from the scanned bar code;
Fourth step: the program uses the user key stored in the mobile terminal to perform cipher processing on the data to be cipher-processed, and forms the cipher-processed data into a registered data packet;
Fifth step: the program uses the data identification code obtained from the bar code, or data derived from the data identification code, as the identification code of the registered data packet, and submits the registered data packet with its identification code to the password intermediary system;
Sixth step: the password intermediary system stores the received registered data packet in memory or in a database;
Seventh step: the application client or the API called by the application client, using the data identification code or data derived from the data identification code as the identification code of the registered data packet, obtains the registered data packet with the corresponding identification code from the password intermediary system, and thereby obtains the cipher-processed data;
If the application client needs to submit the cipher-processed data to the application system, the eighth step is performed; otherwise, the cipher processing ends;
Eighth step: the application client submits the obtained cipher-processed data to the application system.
4. The code data processing and exchange method based on a mobile terminal according to claim 1, characterized in that:
If the application client needs to perform cipher processing on data while interacting with the application system, then the user, the application client or the API called by the application client, the program and the password intermediary system process the data to be cipher-processed as follows:
First step: the application client or the API called by the application client displays the data to be cipher-processed and a data exchange key in the form of a bar code; the data exchange key is both the secret data used to encrypt the cipher-processed data and the data that identifies the cipher-processed data;
Second step: the user uses the mobile terminal running the program to scan the bar code displayed on the user's computer;
Third step: the program obtains the data to be cipher-processed and the data exchange key from the scanned bar code;
Fourth step: the program uses the user key stored in the mobile terminal to perform cipher processing on the data to be cipher-processed, producing the cipher-processed data;
Fifth step: the program encrypts the cipher-processed data with the data exchange key obtained from the bar code, or with a key derived from the data exchange key, to form a registered data packet; the program processes the data exchange key obtained from the bar code with a one-way irreversible function, uses the resulting data as the identification code of the registered data packet, and submits the registered data packet with its identification code to the password intermediary system;
Sixth step: the password intermediary system stores the received registered data packet in memory or in a database;
Seventh step: the application system processes the data exchange key with the same one-way irreversible function and, using the resulting data as the identification code of the registered data packet, obtains the registered data packet with the corresponding identification code from the password intermediary system;
If the application system needs to use the cipher-processed data, the eighth step is performed; otherwise, processing proceeds to the ninth step;
Eighth step: the application system decrypts the obtained registered data packet with the data exchange key, or with a key derived from the data exchange key, and obtains the cipher-processed data;
If the application client or the API called by the application client needs to use the cipher-processed data, processing continues with the ninth step; otherwise, the cipher processing ends;
Ninth step: the application client or the API called by the application client obtains the registered data packet from the application system; the application client decrypts the obtained registered data packet with the data exchange key, or with a key derived from the data exchange key, and obtains the cipher-processed data.
5. The code data processing and exchange method based on a mobile terminal according to claim 1, characterized in that:
If the application client needs to perform cipher processing on data while interacting with the application system, then the user, the application client or the API called by the application client, the program and the password intermediary system process the data to be cipher-processed as follows:
First step: the application client or the API called by the application client displays the data to be cipher-processed and a data identification code in the form of a bar code; the data identification code is the data that identifies the cipher-processed data;
Second step: the user uses the mobile terminal running the program to scan the bar code displayed on the user's computer;
Third step: the program obtains the data to be cipher-processed and the data identification code from the scanned bar code;
Fourth step: the user, through the program, uses the user key stored in the mobile terminal to perform cipher processing on the data to be cipher-processed, and forms the cipher-processed data into a registered data packet;
Fifth step: the program uses the data identification code obtained from the bar code, or data derived from the data identification code, as the identification code of the registered data packet, and submits the registered data packet with its identification code to the password intermediary system;
Sixth step: the password intermediary system stores the received registered data packet in memory or in a database;
Seventh step: the application system, using the data identification code or data derived from the data identification code as the identification code of the registered data packet, obtains the registered data packet with the corresponding identification code from the password intermediary system, and obtains the cipher-processed data;
If the application client or the API called by the application client needs to use the cipher-processed data, the eighth step is performed; otherwise, the cipher processing ends;
Eighth step: the application client or the API called by the application client obtains the cipher-processed data from the application system.
6. The code data processing and exchange method based on a mobile terminal according to claim 2 or 4, characterized in that:
The data exchange key is data generated by merging a randomly generated string with the user identifier or with the network/MAC address of the computer on which the application client runs; or data generated by applying a one-way irreversible function to the result of merging a randomly generated string with the user identifier or with the network/MAC address of the computer on which the application client runs; or the session identifier of the session connection between the application client and the application system.
7. The code data processing and exchange method based on a mobile terminal according to claim 4, characterized in that:
The data exchange key is generated by the application client or the API called by the application client, or is generated by the application system; if the data exchange key is generated by the application client or the API called by the application client, the application client submits the data exchange key to the application system before the application system obtains the registered data packet from the password intermediary system; if the data exchange key is generated by the application system, the application system returns the data exchange key to the application client before the application client or the API called by the application client displays the data exchange key in bar code form.
8. The code data processing and exchange method based on a mobile terminal according to claim 3 or 5, characterized in that:
The data identification code is data generated by merging a randomly generated string with the user identifier or with the network/MAC address of the computer on which the application client runs; or data generated by applying a one-way irreversible function to the result of merging a randomly generated string with the user identifier or with the network/MAC address of the computer on which the application client runs; or the session identifier of the session connection between the application client and the application system.
9. The code data processing and exchange method based on a mobile terminal according to claim 5, characterized in that:
The data identification code is generated by the application client or the API called by the application client, or is generated by the application system; if the data identification code is generated by the application client or the API called by the application client, the application client submits the data identification code to the application system before the application system obtains the registered data packet from the password intermediary system; if the data identification code is generated by the application system, the application system returns the data identification code to the application client before the application client or the API called by the application client displays the data identification code in bar code form.
10. The code data processing and exchange method based on a mobile terminal according to claim 4 or 5, characterized in that:
If the application system is a Web application system and the API called by the application client needs to obtain the cipher-processed data from the application system, then the application client, when calling the API, passes the session identifier of the session connection between the application client and the application system to the called API; and when the API called by the application client obtains the registered data packet or the cipher-processed data from the application system, it submits the session identifier of the session connection between the application client and the application system to the application system in the same way that the application client submits the session identifier.
CN201510214649.8A 2015-04-28 2015-04-28 A kind of code data processing and exchange method based on mobile terminal Active CN104915607B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510214649.8A CN104915607B (en) 2015-04-28 2015-04-28 A kind of code data processing and exchange method based on mobile terminal

Publications (2)

Publication Number Publication Date
CN104915607A CN104915607A (en) 2015-09-16
CN104915607B true CN104915607B (en) 2018-02-09

Family

ID=54084667

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510214649.8A Active CN104915607B (en) 2015-04-28 2015-04-28 A kind of code data processing and exchange method based on mobile terminal

Country Status (1)

Country Link
CN (1) CN104915607B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211125

Address after: Room 401a, building 4, yard 7, Shangdi 8th Street, Haidian District, Beijing 100085

Patentee after: ITRUSCHINA CO.,LTD.

Address before: 430070 Hubei Province, Wuhan city Hongshan District Luoshi Road No. 122

Patentee before: WUHAN University OF TECHNOLOGY
